<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>
    <head>
		<title>Test CrossSafe</title>
		<script src="CrossSafe.js">
		</script>
		<script>
		CrossSafe.directory = '/CrossSafe/';
		</script>
		<style>
			div { background-color:#def}
		</style>
	</head>
	<body>
		<h1>CrossSafe Test Page</h1>
		<p>
		This page tests CrossSafe retrieving data from different domains, and retrieves a request that attempts
		to access the information on the page (evil.json) which should be denied. 
		Information should be retrieved from Brad Neuberg's transclusion web service, from Yahoo web service,
		and from a JSON object database at www.jspon.org. The evil.json script attempts to
		read from the cookies and attempts to read information from the page. Both attempts should be denied
		if CrossSafe is working properly, and there should be an alert that should show the result of this attempt.
		</p>
		<h2>A transclusion from www.json.org/JSONRequest.html via Brad Neuberg's Purple Transclusion web service (codinginparadise.org):</h2>
		<div id='transclusion'></div>
		<h2>Traffic from Yahoo:</h2>
		<div id='traffic'></div>
		<h2>Data from JSPON object from www.jspon.org:</h2>
		<p>(Warning: Filterset.G has a false positive block on this site)</p>
		<div id='jspon'></div>		
		<h2>Enter your own url to request JSON data from:</h2>
		<input type="text" id="userURL" value="http://www.yourdomain.com/data.json" />
		<button onclick="userRequest()">Request</button>
		<h2>Highly confidential credit card information</h2>
		<input type="text" id="creditCardField" value="123456789123456" />
		<script>
			document.cookie="mysecret=Do not let any foreign servers know about this;path=/";
			
			var id = JSONRequest.get("http://local.yahooapis.com/MapsService/V1/trafficData?appid=YahooDemo&street=701+First+Street&city=Sunnyvale&state=CA&output=json",
				function(id,obj,err) {
					var trafficDiv = document.getElementById('traffic');
					var incidents = obj.ResultSet.Result;
					trafficDiv.innerHTML = "";
					for (var i = 0; i < incidents.length; i++)
						trafficDiv.innerHTML += '<p>' + incidents[i].Title + ':' + incidents[i].Description + '</p>';			
				});
			JSONRequest.get("http://codinginparadise.org/purple_include/?url=http%3A%2F%2Fwww.json.org/JSONRequest.html&address=xpath(%2F%2Fp%5B2%5D)",
				function(id,obj,err) {
					var transclusionDiv = document.getElementById('transclusion');
					transclusionDiv.innerHTML = obj.content.substring(0,500);
				});
			CrossSafe.callbackParameter='jsonp';
			JSONRequest.get("http://www.jspon.org/dyna/82493",
				function(id,obj,err) {
					var jsponDiv = document.getElementById('jspon');
					jsponDiv.innerHTML = obj.title;
				});
			
			CrossSafe.callbackParameter='callback';
			JSONRequest.get("http://www.authenteo.com/CrossSafe/evil.json",function(id,obj,err) {
			});
			function userRequest() {
				var url = document.getElementById("userURL").value;
				JSONRequest.get(url,function(id,obj,error) {
					alert("The request for url " + url + " returned " + obj + (error ? " error: " + error.message : ""));
				});
			}
		</script>
	
	</body>
</html>